By Wes Hutcherson, director of competitive intelligence, eSentire.
Educational institutions are being dealt a one-two-punch these days. If it’s not the financial crisis spawned by the global pandemic and the subsequent economic crisis, it’s schools and institutions of higher learning’s growing attractiveness as targets for cybercriminals. Over the past three years, educational institutions around the globe have seen an increase in incidents bypassing traditional prevention technologies, causing expensive remediation efforts. And it’s only getting worse.
The writing on the Blackbaud
In 2018, more than 300 universities worldwide and 144 U.S. universities were part of a cyberattack by Iranian hackers that stole more than 30 terabytes of data costing universities more than $3.4 billion dollars. A year later, the Georgia Institute of Technology reported they had been breached, exposing the personally identifiable information (PII) data of 1.3 million students, teachers, staff and student applicants.
More recently, the University of Utah paid out more than $457,000 to mitigate a ransomware attack on its computer servers. Earlier this summer, Blackbaud, a cloud computing company, was hit with ransomware. The company ultimately paid to protect its data, but the net result was that dozens of universities in the United States, Canada and Great Britain were impacted. And now, with increasing numbers of U.S. public schools opting for virtual classrooms for the foreseeable future, out comes a report that found security issues with Google Classroom.
All told, since 2005, the Privacy Right Clearinghouse reported that 780 data breaches have occurred in K-12 schools and institutions of higher education, so despite what you might have learned in school sometimes 780 multiplied by 15 (years) does equal 14,871,122, at least if you’re talking about numbers of compromised records.
The three “R”s: Reading, writing and regulation
The risk associated with student data is increasing, and compounding the problem is the unexpected shift to virtual learning environments that has only served to increase the pressure on already constrained cybersecurity resources. The education sector has a unique set of cybersecurity risks to factor in, including a broad array of personal devices used to access information and learning platforms, as well as the adherence to governmental requirements that protect students’ sensitive data.